A mixed model to evaluate random hardware failures of whole-redundancy system in ISO 26262 based on fault tree analysis and Markov chain

摘要

In order to ensure safety and reliability, some safety-related electrical and electronic (E/E) systems in vehicles need to be designed as a whole-redundancy system. Although ISO 26262 provides guidance for the analysis of random hardware failure, the problem of estimating whether the safety-related E/E systems, especially whole-redundancy system can meet the index of the ASIL level in ISO 26262 is still unsolved. Fault tree analysis (FTA) is one of the basic methods to analyze random hardware failure of a vehicle’s E/E systems quantitatively. In generic FTA, the quantitative analysis of dynamic logic gates, which usually exist in the fault tree of whole-redundancy system, cannot be calculated. Meanwhile, Markov chain can solve the problem of quantitative calculation of dynamic fault tree, but brings a side-effect of complicating the calculation of static logic gates in fault trees. In order to evaluate random hardware failure of a vehicle E/E system more concisely and effectively, and to estimate if a new safety-related E/E system’s random hardware failure rate can meet the index demand in ISO 26262, this study proposed a mixed model based on FTA and Markov chain. First, the definition of random hardware failure and fault classification were clarified. Then, a mixed model based on FTA and Markov chain was proposed. Finally, a whole-dual-redundancy steer by wire system was used as an example to test the validity of the mixed model. This study not only proposed a new mixed model based on FTA and Markov chain for the calculation of a whole-redundancy system’s random hardware failure rate, but also provided a new quantitative validation method for safety-related E/E systems in vehicles that need to meet the reliability index requirement in ISO 26262.